|
Problem IC73754
|
Status: Closed |
CONNECTIONS WITH KERBEROS AUTHENTICATION ARE IMPOSSIBLE FROM A DB2 CLIENT THAT DOESN'T USE DB2 DATABASE CATALOGS. |
| product: |
DB2 CONNECT / DB2CONNCT / 970 - DB2 |
| Problem description: |
If you are trying to connect to a DB2 server, using the Kerberos
authentication, from a DB2 Client that doesn't use DB2 database
catalogs, you will receive an error message because CLI doesn't
have a ini/cfg keyword for passing the principal name.
The following test demonstrates the problem :
With the following db2cli.ini :
[ODBCKB]
Database=DB2KB
Trusted_Connection=Yes
Protocol=TCPIP
Hostname=LOCALHOST
Authentication=KERBEROS
KRBPlugin=IBMkrb5
;principal=service/host@REALM
Port=port1
AutoCommit=0
The following connection fails with this error : SQL30082N
Security processing failed with reason "36" ("UNEXPECTED CLIENT
ERROR").
more test.cli :
opt callerror on
opt echo on
sqlallocenv 1
sqlallocconnect 1 1
sqldriverconnect 1 0 "DSN=ODBCKB" -3 255 SQL_DRIVER_NOPROMPT
quit
db2cli < test.cli
...
> sqldriverconnect 1 0 "DSN=ODBCKB" -3 255 SQL_DRIVER_NOPROMPT
SQLDriverConnect: rc = -1 (SQL_ERROR)
SQLError: rc = 0 (SQL_SUCCESS)
SQLError: SQLState : 08001
fNativeError : -30082
szErrorMsg : [IBM][CLI Driver] SQL30082N Security
processing failed with reason "36" ("UNEXPECTED CLIENT ERROR").
SQLSTATE=08001
... |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 Clients connecting via Kerberos without using a DB2 *
* database catalogs. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 9.7 FP4 *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
|
| Solution |
The problem was first fixed in DB2 9.7 FP4 where a new
db2cli.ini parameter was introduced :
TargetPrincipal = name/instance@REALM |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 10.01.2011
19.05.2011
19.05.2011 |
| Problem solved at the following versions (IBM BugInfos) |
9.7.FP4
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 9.7.0.4
|
 |
